|
[
Permlink
| « Hide
]
Chris Douglas added a comment - 18/Oct/08 12:35 AM
Attaching ssl-related section of 4284 on Kan's behalf.
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12392402/4453-2.patch  against trunk revision 705942. +1 @author. The patch does not contain any @author tags. -1 tests included. The patch doesn't appear to include any new or modified tests. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs warnings. +1 Eclipse classpath. The patch retains Eclipse classpath integrity. -1 core tests. The patch failed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch/3496/testReport/ This message is automatically generated. setupSsl(...) should not be done in DistCp since DistCp should only uses file system API. How about move the codes to HsftpFileSystem, so that these codes will be executed when a HsftpFileSystem is initialized?
This is a good point, but it also highlights the extent of this change. Since the purpose of this JIRA is to improve the existing ssl support for HsftpFileSystem, its side-effects shouldn't extend to all map/reduce tasks. Ideally, it should also maintain distcp's FileSystem agnosticism. The server code looks good. The client code in Child and DistCp can probably be moved into HsftpFileSystem::initialize, which should also warn if it's called more than once in the same JVM (assuming a second HsftpFileSystem handle can invalidate the first; FileSystem cache hits should be benign). Unfortunately, this creates a dilemma for distcp: its client and task resources may be at different locations, but HsftpFileSystem will use the same property. This is going to be true for many users of HsftpFileSystem. Lacking a general need for similar, asymmetric configuration, I'd propose adding a static config method to HsftpFileSystem: public static void setSslConfigLocation(String loc, Configuration conf) { conf.set("dfs.https.client.keystore.resource", loc); } And calling this before submitting the job from DistCp, if -mapredSslLoc <loc> is specified. If there is a general need, we can look into extending GenericOptionsParser to support something more clever. -1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12393492/4453-3.patch against trunk revision 712102. +1 @author. The patch does not contain any @author tags. -1 tests included. The patch doesn't appear to include any new or modified tests. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs warnings. +1 Eclipse classpath. The patch retains Eclipse classpath integrity. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch/3550/testReport/ This message is automatically generated. Hsftp::initialize should call super.initialize(name, conf); instead of repeating code from Hftp::initialize, but otherwise +1
Has this been tested with with FsShell? I just committed this. Thanks, Kan
Integrated in Hadoop-trunk #655 (See http://hudson.zones.apache.org/hudson/job/Hadoop-trunk/655/
). Improve ssl configuration and handling in HsftpFileSystem, particularly when used with DistCp. Contributed by Kan Zhang. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
|
Improvement
Closed
Major
Improve ssl handling for distcp
